Hi,
I'm pretty new to shorewall, so I'm hoping the answer is simple. I've been
trying several things, and am having trouble trying to get port 22869 to be
externally accessible. I have tried this on several different servers
with many variations on the rules.
This is with shorewall 3.0.5. I went ahead and tested using nearly an exact
copy of the files from /usr/share/doc/packages/shorewall/Samples/two-interfaces/
and still ran into the issue. The redirect works, but port 22 is also open:
iptables -L
Chain net2fw (1 references)
ACCEPT tcp -- anywhere mismail.int.iplink.net tcp dpt:ssh
iptables -L -t nat
Chain net_dnat (1 references)
DNAT tcp -- anywhere anywhere tcp dpt:22869 to:10.255.0.25:22
What do I need to do to allow only access to 22869?
Here are the relevant config files:
rules:
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
ACCEPT net fw icmp echo-request
DNAT net fw:10.255.0.25:22 tcp 4001
policy:
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
all net ACCEPT
net all DROP debug
all all REJECT info
interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
#net eth0 209.226.172.34
net eth0 10.255.0.25
loc eth1 192.168.1.3